On Tue, Jun 20, 2006 at 09:47:39AM +0200, Andreas John wrote:
> >1) strict DNS checks (matching forward/reverse)
> I understand that checking for the existence of a reverse mapping may be
> a clever thing, but the reason for forward/reverse matching is not
> obvious to me: Imagine a user who only has one public IP at his
> "all-in-one" mail-web-server. His reverse is www.mydomain.tld to make
> people with traceroute happy, but his mx is mx1.mydomain.tld. To get
> through your spamfilter, the reverse has to be changed to
> mx1.mydomain.tld - that looks not nice in the traceroute ...

I have personally never seen a reasonably configured server reject mail on such scenarios. Actually all of the servers that I administer have a different MX name pointing to them than what is their reverse.

I think the real point is that the MX must have a reverse name and the reverse name must point to the same IP address. The whole setup smells like a forgery if this is not the case.

(And no, I do not use www.something as the reverse but something that actually identifies the host. Web hosts move every now and then but hostnames are likely to stay the same for a long time.)